CVE-2024-7817 Misiek Photo Album <= 1.4.3 - Album Deletion via CSRF

2024-09-1206:00:05

WPScan

www.cve.org

misiek photo album

vulnerability

csrf

album deletion

wordpress plugin

EPSS

0.001

Percentile

18.6%

JSON

The Misiek Photo Album WordPress plugin through 1.4.3 does not have CSRF checks in some places, which could allow attackers to make logged in users delete arbitrary albums via a CSRF attack

CNA Affected

[
  {
    "vendor": "Unknown",
    "product": "Misiek Photo Album",
    "versions": [
      {
        "status": "affected",
        "versionType": "semver",
        "version": "0",
        "lessThanOrEqual": "1.4.3"
      }
    ],
    "defaultStatus": "affected"
  }
]

References

wpscan.com/vulnerability/ab09e5a3-f5ea-479f-be2d-366f8707775e/

EPSS

0.001

Percentile

18.6%

JSON

Related for CVELIST:CVE-2024-7817